Streaming giant Roku has confirmed its second security incident in recent months, this time allowing hackers to compromise more than 500,000 Roku user accounts.
The company said in a statement Friday that malicious hackers used usernames and passwords stolen from other data breaches and reused that login information on other sites, a technique called “credential stuffing.” Roku said approximately 576,000 user accounts were accessed.
Roku says there were fewer than 400 account breaches in which malicious hackers used payment data stored in users' accounts to fraudulently purchase Roku hardware and streaming subscriptions. Roku said it has issued refunds to customers whose accounts were affected by the breach.
The company, which has 80 million customers, said the malicious hacker “was unable to access sensitive user information or complete credit card information.”
Roku said it discovered the second incident while notifying approximately 15,000 Roku users that their accounts had been compromised in a previous credential stuffing attack.
In response to the security incident, Roku said it introduced two-factor authentication for users. Two-factor authentication prevents credential stuffing attacks by adding an extra layer of security to online accounts. Because users are prompted to enter a time-limited code along with their username and password, malicious hackers cannot break into an account with just a stolen password.